From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] ppp: update to 2.4.9
Date: Fri, 02 Apr 2021 16:49:18 +0200 [thread overview]
Message-ID: <76051fd7-f502-e36f-172e-1d8858278213@ipfire.org> (raw)
In-Reply-To: <9af25563-b77f-96bd-8772-a0737736ea3b@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 22277 bytes --]
Hello development folks,
I am currently observing some strange memory allocation behaviour with ppp 2.4.9, especially
after multiple (> 1k) reconnects using CHAP. Since I am not sure whether I messed up a patch
or this is caused by upstream code, I currently advise against merging this patch.
Further information will be added here as soon as available.
Thanks, and best regards,
Peter Müller
> This is the first ppp release for years, and the project appears to have
> a different maintainer (team?) by now. As a result, some of our patches
> are no longer necessary as they made it into upstream, while others need
> to be adjusted slightly.
>
> In addition, their configure script does not handle commas in CFLAGS
> properly, which is why the delimiter for the 'sed' call in it has to be
> changed to something neither appearing in a path nor in our CLFAGS set.
>
> The full changelog of this release can be retrieved from
> https://ppp.samba.org/README.html and says:
>
> * Support for new EAP (Extensible Authentication Protocol) methods:
> - Support for EAP-TLS, from Jan Just Keijser and others
> - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
> Van Buggenhout and others
>
> * New pppd options:
> - chap-timeout
> - chapms-strip-domain
> - replacedefaultroute
> - noreplacedefaultroute
> - ipv6cp-accept-remote
> - lcp-echo-adaptive
> - ip-up-script
> - ip-down-script
> - ca
> - capath
> - cert
> - key
> - crl-dir
> - crl
> - max-tls-version
> - need-peer-eap
>
> * Fixes for CVE-2020-8597 and CVE-2015-3310.
>
> * libpcap is now required when compiling on Linux (previously, if
> libpcap was not present, pppd would be compiled without packet
> filtering support).
>
> * The rp-pppoe plugin has been renamed to pppoe, to distinguish it
> from the upstream rp-pppoe code. Its options have changed names,
> but the old names are kept as aliases.
>
> * The configure script now supports cross-compilation.
>
> * Many bug fixes and cleanups.
>
> Thanks to Michael for his hint on the ./configure CFLAGS issue.
>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> config/rootfiles/common/ppp | 29 +++--
> lfs/ppp | 15 +--
> ...e-compiler-flags-handed-to-us-by-rpm.patch | 121 ------------------
> .../0013-everywhere-O_CLOEXEC-harder.patch | 8 +-
> ...se-SOCK_CLOEXEC-when-creating-socket.patch | 33 ++---
> ...ppp-2.4.6-increase-max-padi-attempts.patch | 6 +-
> src/patches/ppp/ppp-2.4.7-headers_4.9.patch | 6 +-
> ....8-pppd-fix-bounds-check-in-eap-code.patch | 35 -----
> ...-configure-to-handle-cflags-properly.patch | 15 +++
> 9 files changed, 61 insertions(+), 207 deletions(-)
> delete mode 100644 src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
> delete mode 100644 src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
> create mode 100644 src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
>
> diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
> index f1f4f88f2..8d0af69c4 100644
> --- a/config/rootfiles/common/ppp
> +++ b/config/rootfiles/common/ppp
> @@ -2,6 +2,8 @@
> etc/ppp/chap-secrets
> etc/ppp/demonloginscript
> etc/ppp/dialer
> +#etc/ppp/eaptls-client
> +#etc/ppp/eaptls-server
> etc/ppp/ioptions
> etc/ppp/ip-down
> etc/ppp/ip-up
> @@ -12,6 +14,7 @@ etc/ppp/standardloginscript
> #usr/include/pppd/ccp.h
> #usr/include/pppd/chap-new.h
> #usr/include/pppd/chap_ms.h
> +#usr/include/pppd/eap-tls.h
> #usr/include/pppd/eap.h
> #usr/include/pppd/ecp.h
> #usr/include/pppd/eui64.h
> @@ -23,6 +26,7 @@ etc/ppp/standardloginscript
> #usr/include/pppd/magic.h
> #usr/include/pppd/md4.h
> #usr/include/pppd/md5.h
> +#usr/include/pppd/mppe.h
> #usr/include/pppd/patchlevel.h
> #usr/include/pppd/pathnames.h
> #usr/include/pppd/pppcrypt.h
> @@ -33,18 +37,19 @@ etc/ppp/standardloginscript
> #usr/include/pppd/tdb.h
> #usr/include/pppd/upap.h
> usr/lib/pppd
> -usr/lib/pppd/2.4.8
> -#usr/lib/pppd/2.4.8/minconn.so
> -#usr/lib/pppd/2.4.8/openl2tp.so
> -#usr/lib/pppd/2.4.8/passprompt.so
> -#usr/lib/pppd/2.4.8/passwordfd.so
> -#usr/lib/pppd/2.4.8/pppoatm.so
> -#usr/lib/pppd/2.4.8/pppol2tp.so
> -#usr/lib/pppd/2.4.8/radattr.so
> -#usr/lib/pppd/2.4.8/radius.so
> -#usr/lib/pppd/2.4.8/radrealms.so
> -#usr/lib/pppd/2.4.8/rp-pppoe.so
> -#usr/lib/pppd/2.4.8/winbind.so
> +usr/lib/pppd/2.4.9
> +#usr/lib/pppd/2.4.9/minconn.so
> +#usr/lib/pppd/2.4.9/openl2tp.so
> +#usr/lib/pppd/2.4.9/passprompt.so
> +#usr/lib/pppd/2.4.9/passwordfd.so
> +#usr/lib/pppd/2.4.9/pppoatm.so
> +#usr/lib/pppd/2.4.9/pppoe.so
> +#usr/lib/pppd/2.4.9/pppol2tp.so
> +#usr/lib/pppd/2.4.9/radattr.so
> +#usr/lib/pppd/2.4.9/radius.so
> +#usr/lib/pppd/2.4.9/radrealms.so
> +#usr/lib/pppd/2.4.9/rp-pppoe.so
> +#usr/lib/pppd/2.4.9/winbind.so
> usr/sbin/chat
> usr/sbin/pppd
> usr/sbin/pppdump
> diff --git a/lfs/ppp b/lfs/ppp
> index cbac95067..73356b8c4 100644
> --- a/lfs/ppp
> +++ b/lfs/ppp
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
> +# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -24,12 +24,12 @@
>
> include Config
>
> -VER = 2.4.8
> +VER = 2.4.9
>
> THISAPP = ppp-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> DL_FROM = $(URL_IPFIRE)
> -DIR_APP = $(DIR_SRC)/ppp-$(THISAPP)
> +DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
>
> CFLAGS += -fno-strict-aliasing
> @@ -42,7 +42,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_MD5 = fa325e90e43975a1bd7e1012c8676123
> +$(DL_FILE)_MD5 = f605d021b586fc26e35c6a54fd84b65f
>
> install : $(TARGET)
>
> @@ -73,16 +73,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> cd $(DIR_APP) && rm -f include/pcap-int.h include/linux/if_pppol2tp.h
> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
> + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
> cd $(DIR_APP) && sed -i -e "s+/etc/ppp/connect-errors+/var/log/connect-errors+" pppd/pathnames.h
> - cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls
> - cd $(DIR_APP) && make $(MAKETUNING) CC="gcc" RPM_OPT_FLAGS="$(CFLAGS)"
> + cd $(DIR_APP) && ./configure --prefix=/usr --cc="gcc" --cflags="$(CFLAGS)" --disable-nls
> + cd $(DIR_APP) && make $(MAKETUNING)
> cd $(DIR_APP) && make install
> cd $(DIR_APP) && make install-etcppp
> touch /var/log/connect-errors
> diff --git a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch b/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
> deleted file mode 100644
> index 4a43d444a..000000000
> --- a/src/patches/ppp/0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
> +++ /dev/null
> @@ -1,121 +0,0 @@
> -From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
> -From: Michal Sekletar <msekleta(a)redhat.com>
> -Date: Fri, 4 Apr 2014 11:29:39 +0200
> -Subject: [PATCH 03/25] build-sys: utilize compiler flags handed to us by
> - rpmbuild
> -
> ----
> - chat/Makefile.linux | 2 +-
> - pppd/Makefile.linux | 3 +--
> - pppd/plugins/Makefile.linux | 2 +-
> - pppd/plugins/pppoatm/Makefile.linux | 2 +-
> - pppd/plugins/radius/Makefile.linux | 2 +-
> - pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
> - pppdump/Makefile.linux | 2 +-
> - pppstats/Makefile.linux | 2 +-
> - 8 files changed, 8 insertions(+), 9 deletions(-)
> -
> -diff --git a/chat/Makefile.linux b/chat/Makefile.linux
> -index 1065ac5..848cd8d 100644
> ---- a/chat/Makefile.linux
> -+++ b/chat/Makefile.linux
> -@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function
> - CDEF4= -DFNDELAY=O_NDELAY # Old name value
> - CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
> -
> --COPTS= -O2 -g -pipe
> -+COPTS= $(RPM_OPT_FLAGS)
> - CFLAGS= $(COPTS) $(CDEFS)
> -
> - INSTALL= install
> -diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
> -index 5a44d30..63872eb 100644
> ---- a/pppd/Makefile.linux
> -+++ b/pppd/Makefile.linux
> -@@ -32,8 +32,7 @@ endif
> -
> - CC = gcc
> - #
> --COPTS = -O2 -pipe -Wall -g
> --LIBS =
> -+COPTS = -Wall $(RPM_OPT_FLAGS)
> -
> - # Uncomment the next 2 lines to include support for Microsoft's
> - # MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
> -diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
> -index 0a7ec7b..e09a369 100644
> ---- a/pppd/plugins/Makefile.linux
> -+++ b/pppd/plugins/Makefile.linux
> -@@ -1,5 +1,5 @@
> - #CC = gcc
> --COPTS = -O2 -g
> -+COPTS = $(RPM_OPT_FLAGS)
> - CFLAGS = $(COPTS) -I.. -I../../include -fPIC
> - LDFLAGS = -shared
> - INSTALL = install
> -diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
> -index 20f62e6..5a81447 100644
> ---- a/pppd/plugins/pppoatm/Makefile.linux
> -+++ b/pppd/plugins/pppoatm/Makefile.linux
> -@@ -1,5 +1,5 @@
> - #CC = gcc
> --COPTS = -O2 -g
> -+COPTS = $(RPM_OPT_FLAGS)
> - CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
> - LDFLAGS = -shared
> - INSTALL = install
> -diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
> -index 24ed3e5..45b3b8d 100644
> ---- a/pppd/plugins/radius/Makefile.linux
> -+++ b/pppd/plugins/radius/Makefile.linux
> -@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
> - INSTALL = install
> -
> - PLUGIN=radius.so radattr.so radrealms.so
> --CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
> -+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
> -
> - # Uncomment the next line to include support for Microsoft's
> - # MS-CHAP authentication protocol.
> -diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
> -index 5d7a271..352991a 100644
> ---- a/pppd/plugins/rp-pppoe/Makefile.linux
> -+++ b/pppd/plugins/rp-pppoe/Makefile.linux
> -@@ -25,7 +25,7 @@ INSTALL = install
> - # Version is set ONLY IN THE MAKEFILE! Don't delete this!
> - RP_VERSION=3.8p
> -
> --COPTS=-O2 -g
> -+COPTS=$(RPM_OPT_FLAGS)
> - CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
> - all: rp-pppoe.so pppoe-discovery
> -
> -diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
> -index ac028f6..d0a5032 100644
> ---- a/pppdump/Makefile.linux
> -+++ b/pppdump/Makefile.linux
> -@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
> - BINDIR = $(DESTDIR)/sbin
> - MANDIR = $(DESTDIR)/share/man/man8
> -
> --CFLAGS= -O -I../include/net
> -+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
> - OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
> -
> - INSTALL= install
> -diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
> -index cca6f0f..42aba73 100644
> ---- a/pppstats/Makefile.linux
> -+++ b/pppstats/Makefile.linux
> -@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
> - PPPSTATOBJS = pppstats.o
> -
> - #CC = gcc
> --COPTS = -O
> -+COPTS = $(RPM_OPT_FLAGS)
> - COMPILE_FLAGS = -I../include
> - LIBS =
> -
> ---
> -1.8.3.1
> -
> diff --git a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> index 2513021b2..792d1c42f 100644
> --- a/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> +++ b/src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch
> @@ -27,10 +27,10 @@ index 6ea6c1f..faced53 100644
> free(path);
> errno = err;
> diff --git a/pppd/main.c b/pppd/main.c
> -index 6d50d1b..4880377 100644
> +index 87a5d29..152e4a2 100644
> --- a/pppd/main.c
> +++ b/pppd/main.c
> -@@ -420,7 +420,7 @@ main(argc, argv)
> +@@ -400,7 +400,7 @@ main(int argc, char *argv[])
> die(0);
>
> /* Make sure fds 0, 1, 2 are open to somewhere. */
> @@ -39,11 +39,11 @@ index 6d50d1b..4880377 100644
> if (fd_devnull < 0)
> fatal("Couldn't open %s: %m", _PATH_DEVNULL);
> while (fd_devnull <= 2) {
> -@@ -1679,7 +1679,7 @@ device_script(program, in, out, dont_wait)
> +@@ -1642,7 +1642,7 @@ device_script(char *program, int in, int out, int dont_wait)
> if (log_to_fd >= 0)
> errfd = log_to_fd;
> else
> -- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
> +- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
> + errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
>
> ++conn_running;
> diff --git a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
> index 3475f09a8..fffda981d 100644
> --- a/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
> +++ b/src/patches/ppp/0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
> @@ -7,9 +7,9 @@ Subject: [PATCH 14/25] everywhere: use SOCK_CLOEXEC when creating socket
> pppd/plugins/pppoatm/pppoatm.c | 2 +-
> pppd/plugins/pppol2tp/openl2tp.c | 2 +-
> pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
> - pppd/plugins/rp-pppoe/if.c | 2 +-
> - pppd/plugins/rp-pppoe/plugin.c | 6 +++---
> - pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +-
> + pppd/plugins/pppoe/if.c | 2 +-
> + pppd/plugins/pppoe/plugin.c | 6 +++---
> + pppd/plugins/pppoe/pppoe-discovery.c | 2 +-
> pppd/sys-linux.c | 10 +++++-----
> pppd/tty.c | 2 +-
> 8 files changed, 14 insertions(+), 14 deletions(-)
> @@ -53,10 +53,10 @@ index a7e3400..e64a778 100644
> if (fd >= 0) {
> memset (&ifr, '\0', sizeof (ifr));
> strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
> -diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
> +diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
> index 91e9a57..72aba41 100644
> ---- a/pppd/plugins/rp-pppoe/if.c
> -+++ b/pppd/plugins/rp-pppoe/if.c
> +--- a/pppd/plugins/pppoe/if.c
> ++++ b/pppd/plugins/pppoe/if.c
> @@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
> stype = SOCK_PACKET;
> #endif
> @@ -66,10 +66,10 @@ index 91e9a57..72aba41 100644
> /* Give a more helpful message for the common error case */
> if (errno == EPERM) {
> fatal("Cannot create raw socket -- pppoe must be run as root.");
> -diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
> +diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
> index a8c2bb4..24bdf8f 100644
> ---- a/pppd/plugins/rp-pppoe/plugin.c
> -+++ b/pppd/plugins/rp-pppoe/plugin.c
> +--- a/pppd/plugins/pppoe/plugin.c
> ++++ b/pppd/plugins/pppoe/plugin.c
> @@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
> /* server equipment). */
> /* Opening this socket just before waitForPADS in the discovery() */
> @@ -97,10 +97,10 @@ index a8c2bb4..24bdf8f 100644
> r = 0;
> }
>
> -diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
> +diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
> index 3d3bf4e..c0d927d 100644
> ---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
> -+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
> +--- a/pppd/plugins/pppoe/pppoe-discovery.c
> ++++ b/pppd/plugins/pppoe/pppoe-discovery.c
> @@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
> stype = SOCK_PACKET;
> #endif
> @@ -147,15 +147,6 @@ index 00a2cf5..0690019 100644
> if (s < 0)
> return 0;
>
> -@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
> - int skfd;
> - const unsigned char *ptr;
> -
> -- skfd = socket(PF_INET6, SOCK_DGRAM, 0);
> -+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
> - if(skfd == -1)
> - {
> - warn("could not open IPv6 socket");
> diff --git a/pppd/tty.c b/pppd/tty.c
> index bc96695..8e76a5d 100644
> --- a/pppd/tty.c
> diff --git a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
> index 5127c1f10..1b36e8369 100644
> --- a/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
> +++ b/src/patches/ppp/ppp-2.4.6-increase-max-padi-attempts.patch
> @@ -1,7 +1,7 @@
> -diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
> +diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h
> index 9ab2eee..86762bd 100644
> ---- a/pppd/plugins/rp-pppoe/pppoe.h
> -+++ b/pppd/plugins/rp-pppoe/pppoe.h
> +--- a/pppd/plugins/pppoe/pppoe.h
> ++++ b/pppd/plugins/pppoe/pppoe.h
> @@ -148,7 +148,7 @@ extern UINT16_t Eth_PPPOE_Session;
> #define STATE_TERMINATED 4
>
> diff --git a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
> index 633eb045a..686db9204 100644
> --- a/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
> +++ b/src/patches/ppp/ppp-2.4.7-headers_4.9.patch
> @@ -1,6 +1,6 @@
> -diff -Naur ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c
> ---- ppp-2.4.7.org/pppd/plugins/rp-pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
> -+++ ppp-2.4.7/pppd/plugins/rp-pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
> +diff -Naur ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c ppp-2.4.7/pppd/plugins/pppoe/plugin.c
> +--- ppp-2.4.7.org/pppd/plugins/pppoe/plugin.c 2014-08-09 14:31:39.000000000 +0200
> ++++ ppp-2.4.7/pppd/plugins/pppoe/plugin.c 2017-02-09 08:45:12.567493723 +0100
> @@ -49,6 +49,8 @@
> #include <net/ethernet.h>
> #include <net/if_arp.h>
> diff --git a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch b/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
> deleted file mode 100644
> index 858769f48..000000000
> --- a/src/patches/ppp/ppp-2.4.8-pppd-fix-bounds-check-in-eap-code.patch
> +++ /dev/null
> @@ -1,35 +0,0 @@
> -commit 8d7970b8f3db727fe798b65f3377fe6787575426
> -Author: Paul Mackerras <paulus(a)ozlabs.org>
> -Date: Mon Feb 3 15:53:28 2020 +1100
> -
> - pppd: Fix bounds check in EAP code
> -
> - Given that we have just checked vallen < len, it can never be the case
> - that vallen >= len + sizeof(rhostname). This fixes the check so we
> - actually avoid overflowing the rhostname array.
> -
> - Reported-by: Ilja Van Sprundel <ivansprundel(a)ioactive.com>
> - Signed-off-by: Paul Mackerras <paulus(a)ozlabs.org>
> -
> -diff --git a/pppd/eap.c b/pppd/eap.c
> -index 94407f5..1b93db0 100644
> ---- a/pppd/eap.c
> -+++ b/pppd/eap.c
> -@@ -1420,7 +1420,7 @@ int len;
> - }
> -
> - /* Not so likely to happen. */
> -- if (vallen >= len + sizeof (rhostname)) {
> -+ if (len - vallen >= sizeof (rhostname)) {
> - dbglog("EAP: trimming really long peer name down");
> - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
> - rhostname[sizeof (rhostname) - 1] = '\0';
> -@@ -1846,7 +1846,7 @@ int len;
> - }
> -
> - /* Not so likely to happen. */
> -- if (vallen >= len + sizeof (rhostname)) {
> -+ if (len - vallen >= sizeof (rhostname)) {
> - dbglog("EAP: trimming really long peer name down");
> - BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
> - rhostname[sizeof (rhostname) - 1] = '\0';
> diff --git a/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
> new file mode 100644
> index 000000000..b36ace192
> --- /dev/null
> +++ b/src/patches/ppp/ppp-2.4.9-patch-configure-to-handle-cflags-properly.patch
> @@ -0,0 +1,15 @@
> +--- ppp-2.4.9.orig/configure 2021-03-30 21:38:27.415735914 +0200
> ++++ ppp-2.4.9/configure 2021-04-01 19:10:48.632314447 +0200
> +@@ -121,9 +121,9 @@
> + rm -f $2
> + if [ -f $1 ]; then
> + echo " $2 <= $1"
> +- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
> +- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
> +- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
> ++ sed -e "s#@DESTDIR@#$DESTDIR#g" -e "s#@SYSCONF@#$SYSCONF#g" \
> ++ -e "s#@CROSS_COMPILE@#$CROSS_COMPILE#g" -e "s#@CC@#$CC#g" \
> ++ -e "s#@CFLAGS@#$CFLAGS#g" $1 >$2
> + fi
> + }
> +
>
next prev parent reply other threads:[~2021-04-02 14:49 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-01 17:58 Peter Müller
2021-04-02 14:49 ` Peter Müller [this message]
2021-04-02 14:52 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=76051fd7-f502-e36f-172e-1d8858278213@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox